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The listing of claims presented below replaces all prior versions, and listings, of 
claims in the application: 



1-16. (Cancelled) 

17. (New) A method of authenticating a transaction initiated from a mobile device by a 
cardholder, the method comprising the steps of: 



receiving a purchase request message from the mobile device, the purchase 
request message comprising an identifier for the cardholder; 

extracting the identifier from the purchase request message; 

matching the identifier with a corresponding value stored in a remote database; 

extracting cardholder data from the database based on the extracted identifier, 

simulating an internet browsing session between the cardholder and a Merchant 
Plug-in URL; 

sending an authentication request message to an Issuer access control means 
by simulating an internet browsing session between the cardholder and the 
Issuer access control means; 

receiving a purchase authentication page from the Issuer access control means; 

extracting displayable information from the purchase authentication page and 
storing the purchase authentication web page; 

prompting the cardholder to enter his or her credentials; 



Listing of claims: 
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receiving a message containing cardholder credentials and extracting cardholder 
credentials from the message; 

parsing the stored purchase authentication page and recognizing the cardholder 
credential field (s); 

inserting the cardholder credentials into the purchase authentication page; 

sending the populated purchase authentication page to the Issuer access control 
means; and 

receiving an authentication response message from the authentication system. 

18. (New) The method of claim 17, which includes the following steps prior to sending an 
authentication request message to an Issuer access control means by simulating an 
internet browsing session between the cardholder and the Issuer access control means: 

receiving an authentication request message from the merchant 

19. (New) The method of claim 17, which includes the further steps of: 

forwarding the authentication response message to a Merchant control means; 

decoding and validating the authentication response; and 

generating an authorization request message and sending it to an Acquirer. 

20. (New) The method of claim 17, wherein the mobile device is selected from the group 
comprising: mobile telephones, Personal Digital Assistants (PDA's) and laptop 
computers. 

21. (New) The method of claim 17, wherein the technology used to submit a purchase 
request is taken from the group comprising: an Interactive Voice Response (IVR), Short 

Page 3 of 12 



PACE 3/13 ■ RCVD AT 5/26/2009 2:50:95 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-5/45 ■ DNIS:2738300 * CSID:312 427 6683 • DURATION (mm-ss): 02-20 



05/26/2009 14:01 FAX 312 427 6663 



LADAS & PARRY LLP 



@]0004/0013 



Application Serial No. 10/562,773 PATENT 
Reply to Office Action of November 26, 2008 Docket: CU-4643 

message Services (SMS), SIM Toolkit (STK), Unstructured Supplementary Services 
Data (USSD) and Wireless Application Protocol (WAP). 

22. (New) The method of claim 17, wherein the mobile device operates in a network which 
makes use of a plurality of wired and/or wireless network transport mechanisms to route 
the purchase request, the plurality of network transport mechanisms including GSM, 
CDMA, TDMA, GPRS, 3G, Bluetooth, Infrared, RFID and PSTN. 

23. (New) The method of claim 17, wherein the cardholder credentials are selected from a 
group comprising a PIN, user ID and/or password, a biometric reading, a pseudo 
random number, a cryptogram, and a digital signature. 

24. (New) A system for authenticating a transaction initiated from a mobile device by a 
cardholder, the system comprising: 

receiving means for receiving a purchase request message from the mobile 
device, the purchase request message comprising an identifier for the 
cardholder; 

extracting means for extracting the identifier from the purchase request message; 

matching means for matching the identifier with a corresponding value stored in a 
remote database; 

means for extracting cardholder data from the database based on the extracted 
identifier; 

means for simulating an internet browsing session between the cardholder and a 
Merchant Plug-in URL; 

means for sending an authentication request message to an Issuer access 
control means by simulating an internet browsing session between the 
cardholder and the Issuer access control means; 
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25. 



26. 



means for receiving a purchase authentication page from the Issuer access 
control means; 

means for extracting displayable information from the purchase authentication 
page and storing the purchase authentication web page; 

means for prompting the cardholder to enter his or her credentials; 

means for receiving a message containing cardholder credentials and extracting 
cardholder credentials from the message; 

means for parsing the stored purchase authentication page and recognizing the 
cardholder credential field(s); 

means for inserting the cardholder credentials into the purchase authentication 



means for sending the populated purchase authentication page to the Issuer 
access control means; and 

means for receiving an authentication response message from the authentication 
system. 

(New) The system of claim 24, which further includes forwarding means for forwarding 
the authentication response message to a Merchant control means, which is arranged to 
decode and validate the authentication response and to then generate an authorization 
request message and send it to an Acquirer. 

(New) The system of claim 24, wherein the mobile device Is selected from the group 
comprising: mobile telephones, Personal Digital Assistants (PDA's) and laptop 
computers. 

(New) The system of claim 24, wherein the technology used to submit a purchase 
request is taken from the group comprising: an Interactive Voice Response (IVR), Short 



page; 
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message Services (SMS), SIM Toolkit (STK), Unstructured Supplementary Services 
Data (USSD) and Wireless Application Protocol (WAP). 

28. (New) The system of claim 24, wherein the mobile device operates in a network that 
makes use of a plurality of wired and/or wireless network transport mechanisms to route 
the purchase request, the plurality of network transport mechanisms including GSM, 
CDMA, TDMA, GPRS. 3G, Bluetooth, Infrared, RFID and PSTN. 

29. (New) The system of claim 24, wherein the cardholder credentials are selected from a 
group comprising a PIN, user ID and/or password, a biometric reading, a pseudo 
random number, a cryptogram, and a digital signature. 
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